The need for a CISO goes away and morphs into the role of the Chief Information Risk Officer reporting to either a Chief Risk Officer or Chief Compliance Officer outside of IT. Security truly becomes embedded in this model and the costs are reduced through consolidation of efforts.
A recent Seattle Times article offers an interesting case study for security professionals. The headline: "After 6 months, drivers ignoring cellphone ban." Can we learn anything from law enforcement's implementation of this new law? I think so.
Yes, ladies and gentlemen, according to the Institute of Internal Auditors (IIA), "there is no such thing as 'IT Risk'". After closing a semester of teaching web application security, I wanted to share my observations and concerns regarding the understanding of "risk" among the next generation of security professionals.
What are you doing about Web 2.0 and formal acceptable use policies? As a blogger from a state known to be a leader in the use of technology in government, I get that question a lot. The answer: quite a bit right now.
I've been a bit too serious lately and it is almost time to wrap up 2008. So here is a new twist on the Twelve Days of Christmas.
Suggestions for new verses are welcome!
If your security department says they cannot deploy a network access control solution, tell them they are not being innovative enough and send them the attached document. They can do it. If they tell you they need a half million dollars for whole disk encryption or something to find bots, tell them they are full of you know what and send them the attached.
As each year grinds on, we continue to operate at high levels of operational expense since we can be nothing more than a jack of many vendors and a master of none.
This November, CSO held its Executive Seminar on Data Loss Prevention in New York City. Here is a recap of the event.
I've spent almost 2 years bashing OS X security and more specifically Apple's information security program. Well, while fawning over a friend's MacBook Air (MBA) yesterday I had an epiphany. Have I been too hard on Apple? Is the security inherent in OS X sufficient for Apple's core audience?
If you want solid training on how to write 'proper' code - see peoplesecurity.com!